bash, intermediate

SSL Certificate Renewal with Certbot

Automate Let's Encrypt SSL certificate issuance and renewal with Certbot and NGINX reload.

bash
#!/usr/bin/env bash
set -euo pipefail

DOMAIN="example.com"
EMAIL="admin@example.com"

# Install certbot
sudo apt update && sudo apt install -y certbot python3-certbot-nginx

# Issue certificate (NGINX plugin handles validation + config)
sudo certbot --nginx -d "$DOMAIN" -d "www.$DOMAIN" \
  --non-interactive --agree-tos --email "$EMAIL" \
  --redirect  # auto-add HTTP→HTTPS redirect

# Check certificate
sudo certbot certificates

# Test renewal (dry run)
sudo certbot renew --dry-run

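# Auto-renewal timer (certbot installs this automatically)
# grep exits non-zero when nothing matches, which would abort the script under
# `set -euo pipefail`, so report the missing timer instead of failing
systemctl list-timers | grep certbot || echo "No certbot timer found"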

# Manual renewal with NGINX reload hook
sudo certbot renew --deploy-hook 'systemctl reload nginx'

# Setup cron for renewal (if systemd timer not available)
# 0 3 * * * certbot renew --deploy-hook 'systemctl reload nginx' >> /var/log/certbot-renew.log 2>&1

# Check certificate expiry
openssl x509 -in "/etc/letsencrypt/live/$DOMAIN/fullchain.pem" -noout -dates

# Test SSL configuration (|| true: a grep with no match must not abort the script)
curl -vI "https://$DOMAIN" 2>&1 | grep -E '(SSL|subject|expire)' || true
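
Added example (not part of the original snippet): a renewal watchdog that turns the expiry check above into an alertable status, so a silently failing timer or cron job is caught before the certificate lapses. The function names, the script name cert-watchdog.sh, the exit-code scheme and the 21-day threshold (below certbot's usual 30-day renewal window for 90-day certificates) are assumptions.

```bash
#!/usr/bin/env bash
# Added example: renewal watchdog (not part of the original snippet).
set -eu

# Classify an `openssl x509 -noout -enddate` line against a clock reading.
# Prints a status word; return codes: 0 ok, 1 renewal overdue, 2 expired, 3 unknown.
# Requires GNU date for -d parsing.
cert_status() {
  local line="$1" now_epoch="$2" warn_days="$3" expiry_epoch remaining
  case "$line" in
    notAfter=?*) ;;                      # expected shape
    *) echo "UNPARSEABLE"; return 3 ;;   # empty input would otherwise parse as "today"
  esac
  expiry_epoch=$(date -u -d "${line#notAfter=}" +%s 2>/dev/null) \
    || { echo "UNPARSEABLE"; return 3; }
  remaining=$(( expiry_epoch - now_epoch ))
  if [ "$remaining" -le 0 ]; then
    echo "EXPIRED"; return 2
  elif [ "$remaining" -lt $(( warn_days * 86400 )) ]; then
    echo "RENEWAL_OVERDUE $(( remaining / 86400 ))d"; return 1
  fi
  echo "OK $(( remaining / 86400 ))d"
}

# Read the certificate from disk and classify it against the current time.
check_cert_file() {
  local cert="$1" warn_days="${2:-21}" line   # 21 days: assumed threshold
  line=$(openssl x509 -in "$cert" -noout -enddate 2>/dev/null) \
    || { echo "UNREADABLE $cert"; return 3; }
  cert_status "$line" "$(date -u +%s)" "$warn_days"
}

# Run only when a certificate path is given, e.g. from cron (hypothetical name):
#   cert-watchdog.sh /etc/letsencrypt/live/example.com/fullchain.pem 21
if [ "$#" -ge 1 ]; then
  check_cert_file "$@"
fi
```

A non-zero exit from the watchdog can feed whatever alerting already wraps cron or systemd units on the host.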

Use Cases

  • Automated HTTPS setup for web servers
  • SSL certificate renewal without downtime
  • Let's Encrypt integration with NGINX
